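Notes on verifying Chinese national cryptography (SM) support in GmSSL-3.0.0
Download the source directly from GitHub and compile it.
The tags on GitHub cover only two versions, 3.0.0 and 3.1.1.
GmSSL-3.1.1
Compiling it directly on Ubuntu 18.04 failed with errors, so I gave up on it.
GmSSL-3.0.0
Compiled directly with cmake, no problems.
Verification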
# root @ ubuntu in /opt/GmSSL-3.0.0/bin [5:54:26]
$ ./gmssl version
GmSSL 3.0.0

# root @ ubuntu in /opt/GmSSL-3.0.0/bin [5:55:14]
$ cd ..

# root @ ubuntu in /opt/GmSSL-3.0.0 [5:55:24]
$ mkdir test

# root @ ubuntu in /opt/GmSSL-3.0.0 [5:55:27]
$ cd test

# root @ ubuntu in /opt/GmSSL-3.0.0/test [5:55:46] C:130
$ ../bin/gmssl sm2keygen -pass 1234 -out rootcakey.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEEVtfgydCmbg0DqHI5l9E19PFyBy0
4FEsQ45YbmsYCLRRj2KiFHG2K9XSA1zlFJ3ayfVR4p3L1xFtv7LcgCTqXg==
-----END PUBLIC KEY-----

# root @ ubuntu in /opt/GmSSL-3.0.0/test [5:56:14]
$ ../bin/gmssl certgen -C CN -ST HeNan -L ZhengZhou -O JL -OU HW -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign

# root @ ubuntu in /opt/GmSSL-3.0.0/test [5:57:28]
$ ../bin/gmssl certparse -in rootcacert.pem
Certificate
    tbsCertificate
        version: v3 (2)
        serialNumber: 39916719DA11E3ED72623D9B
        siganture: sm2sign-with-sm3
        issuer
            countryName: CN
            stateOrProvinceName: HeNan
            localityName: ZhengZhou
            organizationName: JL
            organizationalUnitName: HW
            commonName: ROOTCA
        validity
            notBefore: Tue Aug 1 05:57:24 2023
            notAfter: Fri Jul 29 05:57:24 2033
        subject
            countryName: CN
            stateOrProvinceName: HeNan
            localityName: ZhengZhou
            organizationName: JL
            organizationalUnitName: HW
            commonName: ROOTCA
        subjectPulbicKeyInfo
            algorithm
                algorithm: ecPublicKey
                namedCurve: sm2p256v1
            subjectPublicKey
                ECPoint: 04115B5F83274299B8340EA1C8E65F44D7D3C5C81CB4E0512C438E586E6B1808B4518F62A21471B62BD5D2035CE5149DDAC9F551E29DCBD7116DBFB2DC8024EA5E
        extensions
            Extension
                extnID: KeyUsage (2.5.29.15)
                critical: true
                KeyUsage: keyCertSign,cRLSign
            Extension
                extnID: BasicConstraints (2.5.29.19)
                critical: true
                BasicConstraints
                    cA: true
            Extension
                extnID: AuthorityKeyIdentifier (2.5.29.35)
                AuthorityKeyIdentifier
                    keyIdentifier: 3A7F99EF48DCB5D9FAB383BE1D2D769B23E40BB8310B7D82CD1A1172A27C0052
    signatureAlgorithm: sm2sign-with-sm3
    signatureValue: 3045022009695034ED4A2D277DF32B094E3B70E23766DAAB3D20E0CD509F6CD85B3D4FA4022100A906ACB14B40ACC6FB9214680A839FD2E157AF0D00858856FE7285B53FA8B014

# root @ ubuntu in /opt/GmSSL-3.0.0/test [5:58:45]
$ ../bin/gmssl reqsign -in gbs_req_cert_a77d169.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out gbs_cert.pem

# root @ ubuntu in /opt/GmSSL-3.0.0/test [6:00:14] C:127
$ ../bin.gmssl certparse -in gbs_cert.pem
zsh: no such file or directory: ../bin.gmssl

# root @ ubuntu in /opt/GmSSL-3.0.0/test [6:00:24] C:127
$ ../bin/gmssl certparse -in gbs_cert.pem
Certificate
    tbsCertificate
        version: v3 (2)
        serialNumber: D8646727FE6BB7048619C1D5
        siganture: sm2sign-with-sm3
        issuer
            countryName: CN
            stateOrProvinceName: HeNan
            localityName: ZhengZhou
            organizationName: JL
            organizationalUnitName: HW
            commonName: ROOTCA
        validity
            notBefore: Tue Aug 1 05:59:57 2023
            notAfter: Wed Jul 31 05:59:57 2024
        subject
            countryName: CN
            stateOrProvinceName: HN
            localityName: ZZ
            organizationName: JL
            organizationalUnitName: LiveGBS
            commonName: 34020000002000000001
            serialNumber: a77d1691d30cdc6eec2e9fb0acd4a4f4
        subjectPulbicKeyInfo
            algorithm
                algorithm: ecPublicKey
                namedCurve: sm2p256v1
            subjectPublicKey
                ECPoint: 0401283C5026D1730DE4DBF81462BB1A7439FCB4C59A9B826E111A4C597DFB97318D8C7D9BCBA93536F14153CF3141A791BFEFA9C95D7D6338624670A62E9D7612
        extensions
            Extension
                extnID: KeyUsage (2.5.29.15)
                critical: true
                KeyUsage: keyCertSign
            Extension
                extnID: BasicConstraints (2.5.29.19)
                critical: true
                BasicConstraints
                    cA: true
                    pathLenConstraint: 0
            Extension
                extnID: AuthorityKeyIdentifier (2.5.29.35)
                AuthorityKeyIdentifier
                    keyIdentifier: 3A7F99EF48DCB5D9FAB383BE1D2D769B23E40BB8310B7D82CD1A1172A27C0052
    signatureAlgorithm: sm2sign-with-sm3
    signatureValue: 30440220764BDE97CE2569800D352303587EB888A26C16B61FA6764EA38E1700ADA43577022057F4C7DF30738B4FE0045DB2EEFFD19813109A3BCF8FF654E37D900BE4F5AB2A
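Generating the root CA certificate and issuing a certificate both went exceptionally smoothly, so there is not much to write about.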
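
A post-issuance check for the session above, as an added example (not part of the original notes and not GmSSL code): it parses gmssl certparse text and confirms that the issued certificate carries the profile requested with reqsign (keyCertSign only, cA with pathLenConstraint 0, at most 365 days, issued by ROOTCA). The function names and the abridged sample text are constructed here from the output shown above; comparing the AuthorityKeyIdentifier of both certificates assumes a self-signed root whose AKI names its own key.

```python
from datetime import datetime

FMT = "%a %b %d %H:%M:%S %Y"  # timestamp layout in certparse output

def parse_certparse(text):
    """Map 'section.key' -> value; a line without ': ' opens a section."""
    fields, section = {}, ""
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, value = line.partition(": ")
        if not sep:
            section = line                  # issuer, subject, validity, ...
        elif key == "extnID":
            section = value.split(" (")[0]  # "KeyUsage (2.5.29.15)" -> "KeyUsage"
        else:
            fields[f"{section}.{key}"] = value
    return fields

def lint_sub_ca(issued, root, max_days=365):
    """Return findings; an empty list means the requested profile was applied."""
    c, r = parse_certparse(issued), parse_certparse(root)
    want = {
        "tbsCertificate.siganture": "sm2sign-with-sm3",  # key spelled as gmssl prints it
        "issuer.commonName": r.get("subject.commonName"),
        "KeyUsage.critical": "true",
        "KeyUsage.KeyUsage": "keyCertSign",
        "BasicConstraints.cA": "true",
        "BasicConstraints.pathLenConstraint": "0",
        # Assumption: the self-signed root's AKI names its own key.
        "AuthorityKeyIdentifier.keyIdentifier": r.get("AuthorityKeyIdentifier.keyIdentifier"),
    }
    bad = [f"{k}: want {v!r}, got {c.get(k)!r}" for k, v in want.items() if c.get(k, "") != v]
    try:
        nb, na = (datetime.strptime(c[f"validity.{k}"], FMT) for k in ("notBefore", "notAfter"))
        if (na - nb).days > max_days:
            bad.append(f"validity: {(na - nb).days} days exceeds {max_days}")
    except (KeyError, ValueError):
        bad.append("validity: missing or unparseable")
    return bad

# Constructed samples: abridged from the certparse output above, one field per item.
AKI = "keyIdentifier: 3A7F99EF48DCB5D9FAB383BE1D2D769B23E40BB8310B7D82CD1A1172A27C0052"
ROOT = "\n".join(["subject", "commonName: ROOTCA", "extnID: AuthorityKeyIdentifier (2.5.29.35)", AKI])
ISSUED = "\n".join([
    "tbsCertificate", "siganture: sm2sign-with-sm3", "issuer", "commonName: ROOTCA",
    "validity", "notBefore: Tue Aug 1 05:59:57 2023", "notAfter: Wed Jul 31 05:59:57 2024",
    "extnID: KeyUsage (2.5.29.15)", "critical: true", "KeyUsage: keyCertSign",
    "extnID: BasicConstraints (2.5.29.19)", "critical: true", "BasicConstraints",
    "cA: true", "pathLenConstraint: 0", "extnID: AuthorityKeyIdentifier (2.5.29.35)", AKI])

if __name__ == "__main__":
    print(lint_sub_ca(ISSUED, ROOT) or "profile OK")
```

The parser ignores indentation, so the saved text of gmssl certparse for gbs_cert.pem and rootcacert.pem can be passed in as is.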